Overview

overview

10

Static

static

3

3295906522...62.exe

windows7-x64

10

3295906522...62.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32959065221f28d21fbd8c4e65fd5796532b705d72dfa04376e97507a5cc9662.exe

  • Size

    3.0MB

  • MD5

    a0a20679fdc6b25c96bb807917546e2f

  • SHA1

    d396d231650ab4699bd1fb62bdcc49fd3e754052

  • SHA256

    32959065221f28d21fbd8c4e65fd5796532b705d72dfa04376e97507a5cc9662

  • SHA512

    bbfad4907060e0920ca830cde0179a2485581acd5c165f5ae0faa2abb1047418881599946572a62e0414e4f1ca93f5888cc176293e09cccb664b5b2eba5559cd

  • SSDEEP

    49152:hLFLefeE7U6dS3I4L+Wd6n1DtMDMdgqpRM12K7JU/by9g5OjTwlE8/XCUjritN:hpebU6gYnkwOARMLC/22OQfCUjrij

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32959065221f28d21fbd8c4e65fd5796532b705d72dfa04376e97507a5cc9662.exe
    "C:\Users\Admin\AppData\Local\Temp\32959065221f28d21fbd8c4e65fd5796532b705d72dfa04376e97507a5cc9662.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:2548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2548-0-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-2-0x0000000077EA0000-0x0000000077EA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2548-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2548-3-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-4-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-5-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2548-6-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-7-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-8-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-9-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-10-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-11-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-12-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-13-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-14-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-15-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-16-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-17-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/2548-18-0x0000000001370000-0x0000000001E98000-memory.dmp

    Filesize

    11.2MB

    Download